Posted by
michael
on from the snake-oil-enterprises dept.
lisam writes "Rob Flickenger shows how to become your own Certificate Authority, and sign your own, or others', SSL certificates in this onlamp.com article. (He also manages to mention fnords and deny responsibility for the Microsoft Corporation cert snafu.)"
This is important, but...
by rw2 · Score: 4, Insightful
It's important that people understand how to do this, but what is missing is some way to understand whether or not to trust a CA. Until your grandma can trivially decide to trust rw2's CAnonical Enterprises, Inc., signing by anyone but the handful of big boys is the most reasonable thing to do.
Re:This is important, but...
by Sloppy · Score: 5, Insightful
No one can really answer that, because there isn't any way for Grandma to know whether or not she can trust a CA. Even if it's the big guys or if it comes with her browser. I mean, from Grandma's point of view, who the hell is Verisign and what did they ever do to merit trust? At best they're just some faceless corporation she's never heard of or dealt with. A cracker CA named "Integro-Trust Digital Signature National Registry (Fidelity Verified)" would have an even better-looking name than "Verisign."
I don't think you can have real trust without users understanding how things work. Grandma is screwed.
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Re:This is important, but...
by rw2 · Score: 2, Insightful
My only disadvantage is that my visitors have to trust that I am me
Kind of a big disadvantage one might think...
Calling it extortion is inaccurate; they have trust, and that's a big thing. If it were easy to duplicate, someone would have done so and competition would drive prices down.
Arguably, since my CA private cert is in a safe, I am *more* secure
You can argue that, but it's a loser. People are far, far more lax about security than Verisign is.
The information that the article mentions above has been readily available online in various howtos. Just follow the instructions that come with OpenSSL or mod_ssl.
It's important that people understand how to do this, but what is missing is some way to understand whether or not to trust a CA. Until your grandma can trivially decide to trust rw2's CAnonical Enterprises, Inc., signing by anyone but the handful of big boys is the most reasonable thing to do.
Why is it that Slashdot found it 'news' worthy?